CWE:
 

| Risk | Topic | Date | Author |
|------|-------|------|--------|
| Med. | Food Ordering Management System 1.0 SQL Injection | 27.09.2022 | Yousef Alraddadi |
| Med. | WorkOrder CMS 0.1.0 SQL Injection | 24.09.2022 | Chokri Hammedi |
| High | VIAVIWEB Wallpaper Admin SQL Injection / Shell Upload | 22.09.2022 | Edd13Mora |
| Med. | Social Share Button 2.2.3 SQL Injection | 16.09.2022 | nu11secur1ty |
| Med. | Rocket LMS 1.6 SQL Injection | 16.09.2022 | CraCkEr |
| Med. | Online Market Place Site 1.0 SQL Injection | 06.09.2022 | Joe Pollock |
| Med. | WordPress Core Cross Site Scripting / SQL Injection | 31.08.2022 | Khalilov Moe |
| Med. | AeroCMS 0.0.1 SQL Injection | 29.08.2022 | nu11secur1ty |
| Med. | Personnel Property Equipment 2015-2022 SQL Injection | 22.08.2022 | nu11secur1ty |
| Med. | Inout RealEstate 2.1.2 SQL Injection | 15.08.2022 | CraCkEr |
| Med. | Gas Agency Management 2022 SQL Injection / XSS / Shell Upload | 14.08.2022 | nu11secur1ty |
| Med. | Prestashop Blockwishlist 2.1.0 SQL Injection | 14.08.2022 | Karthik UJ |
| Med. | Readymade Job Portal Script SQL Injection | 14.08.2022 | CraCkEr |
| Med. | Matrimonial PHP Script 1.0 SQL Injection | 12.08.2022 | CraCkEr |
| Med. | Multi-Language Hotel Management 2022 1.0 SQL Injection | 03.08.2022 | nu11secur1ty |
| Med. | CodeIgniter CMS 4.2.0 SQL Injection | 02.08.2022 | E1.Coders |
| Med. | Hospital Information System 1.0 SQL Injection | 26.07.2022 | saitamang |
| Med. | Expert X Jobs Portal And Resume Builder 1.0 SQL Injection | 26.07.2022 | CraCkEr |
| Med. | Marty Marketplace Multi Vendor Ecommerce Script 1.2 SQL Injection | 25.07.2022 | CraCkEr |
| Med. | Royal Event Management System 1.0 todate SQL Injection (Authenticated) | 23.07.2022 | Eren Gozaydin |
| Med. | Emporium eCommerce Online Shopping CMS 1.2 SQL Injection | 20.07.2022 | CraCkEr |
| Med. | Orange Station 1.0 SQL Injection | 18.07.2022 | nu11secur1ty |
| Med. | Travel Tours Script 1.0 SQL Injection | 18.07.2022 | CraCkEr |
| Med. | CSZ CMS 1.3.0 SQL Injection | 17.07.2022 | Dogukan Dincer |
| Med. | Online Discussion Forum Site 1.0 SQL Injection | 17.07.2022 | Saud Alenazi |
| Med. | WordPress Visual Slide Box Builder 3.2.9 SQL Injection | 12.07.2022 | nu11secur1ty |
| Med. | Advanced Testimonials Manager 5.6 SQL Injection | 05.07.2022 | indoushka |
| Med. | OPSTECH Thailand Gov Management System Multiple Vulnerabilities | 04.07.2022 | NaughtySec |
| Med. | Stock Management System 2020 SQL Injection | 04.07.2022 | nu11secur1ty |
| Med. | DouPHP 1.2 Release 20141027 SQL Injection | 04.07.2022 | indoushka |
| Med. | Library Management System With QR Code 1.0 SQL Injection | 28.06.2022 | Ashish Kumar |
| Med. | Coffee Shop Cashiering System 1.0 SQL Injection | 28.06.2022 | syad |
| Med. | Virtua Software Cobranca 12S SQL Injection | 20.06.2022 | Luca Regne |
| Med. | ChurchCRM 4.4.5 SQL Injection | 20.06.2022 | nu11secur1ty |
| Med. | Warehouse Management System 2022 SQL Injection | 20.06.2022 | nu11secur1ty |
| Med. | Old Age Home Management System 1.0 SQL Injection | 20.06.2022 | twseptian |
| Med. | Fast Food Ordering System 1.0 SQL Injection | 01.06.2022 | nu11secur1ty |
| Med. | Online Fire Reporting System 1.0 SQL Injection | 25.05.2022 | nu11secur1ty |
| Med. | CLink Office 2.0 SQL Injection | 25.05.2022 | Stephen Tsoi |
| Med. | Blockchain FiatExchanger 2.2.1 SQL Injection | 24.05.2022 | Mohamed N. Ali |
| Med. | Blockchain AltExchanger 1.2.1 SQL Injection | 24.05.2022 | Mohamed N. Ali |
| Med. | SAP Application Server ABAP / ABAP Platform Code Injection / SQL Injection / Missing Authorization | 22.05.2022 | Fabian Hagg |
| Med. | T-Soft E-Commerce 4 SQL Injection | 17.05.2022 | Alperen Ergel |
| Med. | WebTareas 2.4 SQL Injection | 11.05.2022 | Behrad Taher |
| Med. | Travel Management System 1.0 SQL Injection | 09.05.2022 | nu11secur1ty |
| Med. | School Dormitory Management 1.0 SQL Injection | 09.05.2022 | nu11secur1ty |
| Med. | Red Planet Laundry Management System 1.0 SQL Injection | 08.05.2022 | nu11secur1ty |
| Med. | ChatBot Application With A Suggestion Feature 1.0 SQL Injection | 06.05.2022 | Saud Alenazi |
| Med. | Toll Tax Management System 1.0 SQL Injection | 03.05.2022 | nu11secur1ty |
| Med. | Home Clean Service System 1.0 SQL Injection | 01.05.2022 | nu11secur1ty |
| Med. | Joomla Sexy Polling 2.1.7 SQL Injection | 26.04.2022 | Wolfgang Hotwagner |
| Med. | Explore CMS 1.0 SQL Injection | 13.04.2022 | Sajibe Kanti |
| Med. | Bakery Shop Management System 1.0 SQL Injection | 06.04.2022 | Hejap Zairy |
| Med. | Medical Hub Directory Site 1.0 SQL Injection | 01.04.2022 | Saud Alenazi |
| Med. | Message System 1.0 SQL Injection | 31.03.2022 | Hejap Zairy |
| Med. | CSZ CMS 1.2.9 SQL Injection | 30.03.2022 | Rahad Chowdhury |
| Med. | Sports Complex Booking System 1.0 SQL Injection | 25.03.2022 | Hejap Zairy |
| Med. | Microfinance Management System 1.0 SQL Injection | 24.03.2022 | Hejap Zairy |
| Med. | Online Sports Complex Booking System 1.0 SQL Injection | 24.03.2022 | Saud Alenazi |
| Med. | Baixar GLPI Project 9.4.6 SQL Injection | 17.03.2022 | Joas Antonio |
| Med. | Moodle 3.11.5 SQL Injection | 16.03.2022 | Chris Anastasio |
| Med. | Employee Performance Evaluation System 1.0 SQL Injection | 13.03.2022 | nu11secur1ty |
| Med. | Matrimony 1.0 SQL Injection | 07.03.2022 | nu11secur1ty |
| Med. | Car Driving School Management 1.0 SQL Injection | 02.03.2022 | nu11secur1ty |
| Med. | Casdoor 1.13.0 SQL Injection | 01.03.2022 | Mayank Deshmukh |
| Med. | Simple Mobile Comparison Website 1.0 SQL Injection | 28.02.2022 | nu11secur1ty |
| Med. | Bank Management System 1.0 SQL Injection | 28.02.2022 | nu11secur1ty |
| Med. | WordPress Perfect Survey 1.5.1 SQL Injection | 23.02.2022 | Ron Jost |
| Med. | Cab Management System 1.0 SQL Injection | 23.02.2022 | Alperen Ergel |
| Med. | WordPress WP User Frontend 3.5.25 SQL Injection | 22.02.2022 | Ron Jost |
| Med. | Auto Spare Parts Management 1.0 SQL Injection | 22.02.2022 | nu11secur1ty |
| Med. | Air Cargo Management System 1.0 SQL Injection | 22.02.2022 | nu11secur1ty |
| Med. | Medical Store Management System 1.0 SQL Injection | 17.02.2022 | nu11secur1ty |
| Med. | Vicidial 2.14-783a SQL Injection | 17.02.2022 | Vulnerability Laborato... |
| Med. | WordPress Secure Copy Content Protection And Content Locking 2.8.1 SQL Injection | 14.02.2022 | Ron Jost |
| Med. | Accounting Journal Management System 1.0 SQL Injection | 13.02.2022 | Alperen Ergel |
| Med. | Home Owners Collection Management System 1.0 SQL Injection | 12.02.2022 | Saud Alenazi |
| Med. | Tokheim Profleet DiaLOG Fuel Management System 11.005.02 SQL Injection / Code Execution | 12.02.2022 | golem445 |
| Med. | Atom CMS 2.0 SQL Injection | 09.02.2022 | Luca Cuzzolin |
| Med. | Moodle 3.11.4 SQL Injection | 04.02.2022 | lavclash75 |
| Med. | WordPress Download Monitor WordPress 4.4.4 SQL Injection | 03.02.2022 | Ron Jost |
| Med. | Wordpress Plugin 404 to 301 2.0.2 SQL-Injection (Authenticated) | 02.02.2022 | Ron Jost |
| Med. | WordPress Modern Events Calendar 6.1 SQL Injection | 28.01.2022 | Ron Jost |
| Med. | WordPress RegistrationMagic V 5.0.1.5 SQL Injection | 27.01.2022 | Ron Jost |
| Med. | Online Project Time Management 1.0 SQL Injection | 24.01.2022 | nu11secur1ty |
| Med. | WordPress Plugin WP Visitor Statistics 4.7 SQL Injection | 18.01.2022 | Ron Jost |
| Med. | SalonERP 3.0.1 sql SQL Injection (Authenticated) | 18.01.2022 | Betul Denizler |
| Med. | Simple Chatbot Application 1.0 SQL Injection | 18.01.2022 | Saud Alenazi |
| Med. | Nyron 1.0 SQL Injection | 18.01.2022 | Miguel Santareno |
| Med. | Developed by : Muhammad Jamil - SQL Injection | 17.01.2022 | Unkn0wn |
| Med. | SB Admin Cross Site Request Forgery / SQL Injection | 17.01.2022 | Taurus Omar |
| Med. | CENTRAL LUZON AGRICULTURE University | 15.01.2022 | Unkn0wn |
| Med. | Online Railway Reservation System 1.0 SQL Injection | 10.01.2022 | twseptian |
| Med. | openSIS Student Information System 8.0 SQL Injection | 09.01.2022 | securityforeveryone.co... |
| Med. | Simple Music Cloud Community System 1.0 SQL Injection | 06.01.2022 | nu11secur1ty |
| Med. | Hospitals Patient Records Management System 1.0 SQL Injection | 05.01.2022 | twseptian |
| Med. | Nettmp NNT 5.1 SQL Injection | 05.01.2022 | Momen Eldawakhly |
| Med. | Computer And Mobile Repair Shop Management 1.0 SQL Injection | 04.01.2022 | nu11secur1ty |
| Med. | Video Sharing Website 1.0 SQL Injection | 20.12.2021 | nu11secur1ty |
| Med. | SAP Netweaver IUUC_RECON_RC_COUNT_TABLE_BIG SQL Injection | 16.12.2021 | Raschin Tavakoli |


CVEMAP Search Results

CVE
Details
Description
2022-09-19
Waiting for details
CVE-2022-3142

The NEX-Forms WordPress plugin before 7.9.7 does not properly sanitise and escape user input before using it in SQL statements, leading to SQL injections. The attack can be executed by anyone who is permitted to view the forms statistics chart, by default administrators, however can be configured otherwise via the plugin settings.

 
Waiting for details
CVE-2022-3141

The Translate Multilingual sites WordPress plugin before 2.3.3 is vulnerable to an authenticated SQL injection. By adding a new language (via the settings page) containing specific special characters, the backticks in the SQL query can be surpassed and a time-based blind payload can be injected.

 
Waiting for details
CVE-2022-2958

The BadgeOS WordPress plugin before 3.7.1.3 does not sanitise and escape parameters before using them in SQL statements via AJAX actions available to any authenticated users, leading to SQL Injections.

 
Waiting for details
CVE-2022-2754

The Ketchup Restaurant Reservations WordPress plugin through 1.0.0 does not validate and escape some reservation parameters before using them in SQL statements, which could allow unauthenticated attackers to perform SQL Injection attacks.

 
2022-09-14
Waiting for details
CVE-2022-35947

GLPI stands for Gestionnaire Libre de Parc Informatique and is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. Affected versions have been found to be vulnerable to a SQL injection attack which an attacker could leverage to simulate an arbitrary user login. Users are advised to upgrade to version 10.0.3. Users unable to upgrade should disable the `Enable login with external token` API configuration.

 
2022-09-07
Waiting for details
CVE-2022-3130

A vulnerability classified as critical has been found in codeprojects Online Driving School. This affects an unknown part of the file /login.php. The manipulation of the argument username leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-207873 was assigned to this vulnerability.

 
2022-09-06
Waiting for details
CVE-2022-2718


 
2022-09-05
Waiting for details
CVE-2022-3120

A vulnerability classified as critical was found in SourceCodester Clinics Patient Management System. Affected by this vulnerability is an unknown functionality of the file index.php of the component Login. The manipulation of the argument user_name leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-207847.

 
2022-09-04
Waiting for details
CVE-2022-3118

A vulnerability was found in Sourcecodehero ERP System Project. It has been rated as critical. This issue affects some unknown processing of the file /pages/processlogin.php. The manipulation of the argument user leads to SQL injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-207845 was assigned to this vulnerability.

 
2022-08-29
Waiting for details
CVE-2022-2559

The Fluent Support WordPress plugin before 1.5.8 does not properly sanitise, validate and escape various parameters before using them in an SQL statement, leading to an SQL Injection vulnerability exploitable by high privilege users.

 

 


Copyright 2022, cxsecurity.com

 
